Could my passwords be compromised?

PfP can prevent many attacks on your credentials and limit the damage of others.

Phishing attacks

Everybody gets emails claiming that your bank or PayPal or whoever needs you to quickly verify your credentials. Usually, these emails will link to a website very similar to the real one, except that any credentials you enter will go to the bad guys who will try to extract money from your accounts.

How PfP helps: PfP will only offer you passwords that belong to the website you are on. You might not notice that you are on the wrong website, but PfP will.

Bad server-side security

Sometimes, you just have to accept that one of your accounts gets compromised. You trust many websites with your data, yet some don’t do a good job protecting it. So occasionally one of these websites will be hacked, and there is nothing you can do about it. Sometimes you will also learn that they stored your password without adequate protection. Without a password manager, this will often turn into a disaster because the same password was used for a number of other accounts. You think the bad guys cannot figure out which ones? Think again.

How PfP helps: With PfP you shouldn’t need to ever reuse passwords. It’s a unique password for each account, so if one account gets compromised the damage stays limited to that account. It’s important however that your master password cannot be guessed.

Physical access to your device

Left your computer unlocked at work? Your laptop got stolen? The passwords stored in your browser should be considered compromised then, accessing these is usually easy.

How PfP helps: Most of the time, PfP doesn’t even save your passwords to disk. But even stored passwords and metadata like website names are safely encrypted. Accessing PfP data is only possible with your master password. Again, it’s important that your master password cannot be guessed. Also, PfP should be locked.

Shoulder surfing

Having passwords displayed on screen is always problematic. What if somebody is watching over your shoulder right now? But even if you type a password from memory, chances are that this password is simple enough for somebody to remember if they are watching you at that moment.

How PfP helps: PfP carefully avoids ever showing passwords on screen. Instead, it will usually fill our login forms automatically. This is the preferred approach because copying passwords to the clipboard might result in you pasting them to a regular text field unintentionally. But even then, passwords generated by PfP are too complicated for humans to remember quickly.

Malware infestation

You don’t keep your browser or operating system up to date? Opened an email attachment on a seemingly legitimate mail? Followed instructions on a web page claiming that you need to install a missing video codec? Then it is quite likely that your computer got infested with a malicious application. Often these applications will attempt to intercept your credentials as you enter them into your browser and allow your accounts to be taken over by the bad guys.

How PfP helps: This is a scenario where PfP cannot possibly help. If PfP provides any advantage here, it will only be accidental. You need malware protection software that will prevent malware from running on your system. Being careful with applications you allow to run and keeping installed software up to date is also important.